def test_default_backend(self):
pre_shared_device = PSDeviceFactory(user=self.user)
dispatchable_device = DiDeviceFactory(user=self.user)
pre_shared_challenge = PSChallengeFactory(token=self.auth,
device=pre_shared_device)
dispatchable_challenge = DiChallengeFactory(token=self.auth,
device=dispatchable_device)
backend = DefaultBackend()
counted = backend.verify(self.auth, None)
self.assertEqual(counted, 2)
pre_shared_challenge.confirm = True
pre_shared_challenge.save()
counted = backend.verify(self.auth, None)
self.assertEqual(counted, 1)
dispatchable_challenge.confirm = True
dispatchable_challenge.save()
counted = backend.verify(self.auth, None)
self.assertEqual(counted, 0)
pre_shared_device.delete()
dispatchable_device.delete()
def test_successful_verification(self, timer):
"""
Test a multi factor scenario where multiple devices
will be verified successfully.
"""
timer.return_value = 0
token = get_token_object(self.auth)
pre_shared_test_device = PSDeviceFactory(user=self.user)
dispatchable_test_device = DiDeviceFactory(user=self.user)
dispatchable_test_challenge = DiChallengeFactory(
device=dispatchable_test_device, token=token)
dispatchable_test_challenge.dispatch()
response = self.client.post(reverse("multi-factor-specific", args=[0]),
{"value": pre_shared_test_device.value},
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["verifications-left"], 1)
timer.return_value = 30
response = self.client.post(
reverse("multi-factor-specific",
args=[1]), {"value": dispatchable_test_challenge.value},
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertEqual(response.data["verifications-left"], 0)
pre_shared_test_device.delete()
dispatchable_test_device.delete()
def test_no_device_unsuccessful(self):
device = PSDeviceFactory(user=self.user)
factory = APIRequestFactory()
request = factory.post("/", {"text": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
response = no_device_overview_view(request)
self.assertEqual(response.status_code, status.HTTP_403_FORBIDDEN)
device.delete()
def test_unsuccessful_register(self):
device = PSDeviceFactory(user=self.user)
type(device).challenge.objects.create(token=self.auth,
device=device,
confirm=True)
response = self.client.post(reverse("multi-factor-register",
args=(0, )),
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_409_CONFLICT)
device.delete()
def test_retrieve_overview(self):
PSDeviceFactory(user=self.user)
DiDeviceFactory(user=self.user)
response = self.client.get(reverse("multi-factor-overview"),
HTTP_AUTHORIZATION=self.token_credentials)
expected = [
{
"index": 0,
"confirmed": False,
"dispatchable": False,
"verbose_name": "ps device",
},
{
"index": 1,
"confirmed": False,
"dispatchable": True,
"verbose_name": "di device",
},
]
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertDictEqual(expected[0], dict(response.data[0]))
self.assertDictEqual(expected[1], dict(response.data[1]))
def test_verified_authenticated(self):
device = PSDeviceFactory(user=self.user)
PSChallengeFactory(token=self.auth, device=device, confirm=True)
factory = APIRequestFactory()
request = factory.post("/", {"text": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
response = verifying_overview_view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
request = factory.put("/1", {"text": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
response = verifying_instance_view(request, pk=1)
self.assertEqual(response.status_code, status.HTTP_200_OK)
device.delete()
def test_throttle_cache_reset(self, timer):
timer.return_value = 0
device = PSDeviceFactory(user=self.user)
factory = APIRequestFactory()
request = factory.post("/0", {"value": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
force_authenticate(request, self.user, self.auth)
response = multi_factor_viewset(request, index=0)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
factory = APIRequestFactory()
request = factory.post("/0", {"value": "foobar"})
force_authenticate(request, self.user, self.auth)
response = multi_factor_viewset(request, index=0)
throttle = RecursiveDelayingThrottle
self.assertEqual(response.status_code,
status.HTTP_429_TOO_MANY_REQUESTS)
self.assertIn(throttle.get_ident(Request(request)), throttle.cache)
timer.return_value = int(response["Retry-After"])
factory = APIRequestFactory()
request = factory.post("/0", {"value": device.value})
force_authenticate(request, self.user, self.auth)
response = multi_factor_viewset(request, index=0)
throttle = RecursiveDelayingThrottle
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertNotIn(throttle.get_ident(Request(request)), throttle.cache)
device.delete()
def test_no_device_successful(self):
factory = APIRequestFactory()
request = factory.post("/", {"text": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
response = no_device_overview_view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
device = PSDeviceFactory(user=self.user)
device.__class__.challenge.objects.create(token=self.auth,
device=device,
confirm=True)
request = factory.post("/", {"text": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
response = no_device_overview_view(request)
self.assertEqual(response.status_code, status.HTTP_201_CREATED)
device.delete()
def test_retrieve_specifics(self):
"""
:return:
"""
PSDeviceFactory(user=self.user)
response = self.client.get(reverse("multi-factor-specific", args=[0]),
HTTP_AUTHORIZATION=self.token_credentials)
expected = {
"index": 0,
"confirmed": False,
"dispatchable": False,
"verbose_name": "ps device",
}
self.assertEqual(response.status_code, status.HTTP_200_OK)
self.assertDictEqual(response.data, expected)
def test_unsuccessful_verification(self, timer):
timer.return_value = 0
location = reverse("multi-factor-specific", args=[100])
response = self.client.post(location, {"value": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
timer.return_value = 30
response = self.client.post(reverse("multi-factor-specific", args=[1]),
{"value": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
timer.return_value = 90
device = PSDeviceFactory(user=self.user)
www_auth = "JSON realm=\"multi factor verification\""
response = self.client.post(reverse("multi-factor-specific", args=[0]),
{"value": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_401_UNAUTHORIZED)
self.assertEqual(response["WWW-Authenticate"], www_auth)
timer.return_value = 180
device.delete()
device = DiDeviceFactory(user=self.user)
location = reverse("multi-factor-specific", args=[0])
response = self.client.post(location, {"value": "foobar"},
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
device.delete()
def test_unsuccessful_dispatch(self):
"""
Test the scenarios when a device can't be dispatch.
"""
device = PSDeviceFactory(user=self.user)
response = self.client.post(reverse("multi-factor-dispatch", args=[0]),
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)
device.delete()
device = DiDeviceFactory(user=self.user)
DiChallengeFactory(device=device, token=self.auth, confirm=True)
response = self.client.post(reverse("multi-factor-dispatch", args=[1]),
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_409_CONFLICT)
device.delete()
response = self.client.post(reverse("multi-factor-dispatch", args=[0]),
HTTP_AUTHORIZATION=self.token_credentials)
self.assertEqual(response.status_code, status.HTTP_404_NOT_FOUND)